Vulnerability Note VU#158609

Overview

The IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) contains a buffer overflow vulnerability in the web server component. This vulnerability may allow an attacker to execute arbitrary code with SYSTEM privileges or cause a denial of service.

Description

IBM Tivoli Provisioning Manager for OS Deployment (TPMfOSD) is a network boot server that facilitates central management of networked workstations. IBM TPMfOSD contains a buffer overflow vulnerability within the logging functionality of the web server component. A remote, unauthenticated attacker may be able to exploit this vulnerability by sending a specially crafted HTTPS (443/TCP) request to a target machine.

Impact

A remote, unauthenticated attacker could execute arbitrary code with SYSTEM privileges or crash the server process, causing a denial of service.